Cloud Security Alliance launches initiative to automate compliance
The Cloud Security Alliance has established a new initiative, the Compliance Automation Revolution, to address the growing complexity of regulatory compliance in data security and privacy.
Organisations are facing mounting pressure to comply with an expanding array of data security and privacy laws, a trend accelerated by the proliferation of artificial intelligence technologies. The challenge is compounded by the increasing volume of data and technological advances that expand compliance requirements, leading to rising costs and diminishing returns in security improvement efforts.
The Compliance Automation Revolution (CAR) is a coalition supported by a range of industry partners, including Google, Oracle, Anecdotes, Coalfire, Deloitte Italy, Salesforce, Schellman, and Vanta. The initiative aims to offer practical and effective solutions to common compliance challenges, leveraging automation and collaborative frameworks to relieve the regulatory burden on organisations.
CAR's objectives include enhancing the quality of compliance, reducing associated risks and costs, and progressing towards regulatory harmonisation. The initiative also seeks to introduce real-time information exchanges between businesses and regulators to bolster assurance and cultivate greater trust within the wider ecosystem.
Jim Reavis, Chief Executive Officer and Co-Founder of the Cloud Security Alliance, stated, "With 16 years of thought leadership, cutting-edge innovation, and global expertise, CSA is uniquely positioned to lead the Compliance Automation Revolution. Through initiatives like the globally recognized Security, Trust, Assurance and Risk (STAR) program and vendor-neutral research, we've consistently prioritised the industry's evolving needs. Now, with the launch of CAR, we're shaping a future where compliance not only enhances security but does so efficiently - eliminating unnecessary costs and redundant efforts."
The CAR coalition intends to focus on four main action areas. The first involves automating the collection and sharing of compliance evidence through standardised, machine-readable formats. The second area is the integration of compliance checks earlier in the software development lifecycle through shift-left approaches. Thirdly, CAR aims to harmonise diverse regulatory frameworks into a common set of controls. The fourth area is the development of metrics and models to objectively quantify security and compliance risks, including the standardisation of effectiveness and assurance measurement.
Archana Ramamoorthy, Senior Director, Regulated and Trusted Cloud at Google Cloud and CAR Founding Member, commented, "Adhering to compliance is often viewed as a costly, point-in-time snapshot that lags behind the pace of innovation. CAR represents a vital industry collaboration to change that paradigm. By embracing automation, harmonisation, and 'compliance-as-code,' we're not just aiming to reduce audit fatigue; we're building a future founded on continuous, evidence-based trust that can finally scale with the dynamic nature of cloud and AI."
Anil Markose, GVP, Chief Compliance Officer for Oracle SaaS, said, "The Compliance Automation Revolution marks a strategic move toward aligning compliance and security as complementary forces. As the regulatory landscape grows more complex, and threats become more sophisticated, it is critical for organisations to proactively address both. We're excited to work with CSA in advancing this mission."
Yair Kuznitsov, CEO and Co-Founder of Anecdotes, explained, "Enterprises today face increasingly complex GRC environments, and the need for scalable, automated solutions has never been greater. At Anecdotes, we're proud to be an ambassador for the Compliance Automation Revolution initiative, championing innovation that will help organisations navigate these challenges with greater ease and efficiency. This initiative tackles an unsolved problem, and we anticipate every enterprise will benefit from the groundbreaking work coming out of it."
Adam Shnider, Executive Vice President for Compliance Services at Coalfire, stated, "Security and compliance should be less of a burden — they should be a business enabler. The Compliance Automation Revolution provides the framework and collaboration needed to streamline compliance efforts, reduce risk exposure, and ensure organisations stay ahead of emerging threats."
Fabio Battelli, Senior Partner at Deloitte Central Mediterranean for Cyber Security Services, said, "By joining the Compliance Automation Revolution, we reaffirm our commitment to proactive security and compliance excellence. In an era of growing regulatory complexity, automation is key to reducing operational risk and streamlining compliance efforts. CAR represents a significant step forward in enabling organisations to shift resources from manual compliance tasks to innovation and business growth."
Prashant Vadlamudi, Senior Vice President, Product Security at Salesforce, added, "The regulatory landscape is shifting fast — and so are emerging threats. Static, check-the-box compliance models are no longer sufficient to keep pace. At Salesforce, we see compliance as a trust enabler, not a roadblock. That's why we're proud to join the Compliance Automation Revolution and partner with CSA to drive scalable, proactive solutions, leveraging the power of AI, that help organisations meet rising expectations with confidence."
Avani Desai, Chief Executive Officer of Schellman, commented, "In today's environment of mounting regulatory demands and rapidly evolving cyber threats, the Compliance Automation Revolution isn't just timely, it's essential. It's about transforming how organisations approach compliance, turning a traditionally reactive process into a proactive strategy for resilience. By embracing automation and collaboration, we can drive smarter decisions, reduce risk, and build a stronger, more secure future."
Jadee Hanson, Chief Information Security Officer at Vanta, said, "As regulations grow more complex and the threat landscape evolves, companies need automation not just to keep up, but to get ahead. The Compliance Automation Revolution is an important industry movement, and Vanta is proud to join this effort to push the industry toward smarter, more scalable ways of working. Together, we can simplify compliance, strengthen security programmes, and free up teams to focus on what matters most."
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
RNZ News
2 hours ago
- RNZ News
Judith Collins says possible AUKUS security pact review not for NZ to comment on
Defence Minister Judith Collins Photo: RNZ / Marika Khabazi The Defence Minister says there's no reason for New Zealand to comment on reports the Pentagon is reviewing the AUKUS defence alliance. A US defence official told Reuters the review was part of ensuring the security pact was aligned with the President's America First agenda. The strategic pact between the US, UK and Australia had long been a talking point in New Zealand, with consecutive governments pondering whether to join parts of the alliance. AUKUS was formed in 2021 to address shared worries about China's growing power. Under the pact, Australia would be armed with nuclear submarines at a cost of A$350 billion (NZ$377 billion). In a statement, Defence Minister Judith Collins said the US review was about AUKUS Pillar One, which New Zealand had never been a part of. New Zealand has had ongoing discussions about joining Pillar Two of the alliance, but any decisions on whether to join Pillar Two would be a matter for Cabinet, Collins said. Prime Minister Christopher Luxon has not received any reports or advice on what the Trump Administration reviewing the AUKUS security pact might mean for New Zealand. Luxon told RNZ he was not concerned the review could spell the end for Pillar Two "It's been left very open-ended. We're exploring Pillar Two - it's been to be honest quite slow going. "We are yet to be invited to partipate in Pillar Two." Luxon said the review was for Australia, the US, and the UK to work through. Australia was last week told by US Defence Secretary Pete Hegseth to significantly boost its defence spending. Australian Prime Minister Anthony Albanese said he would not be dictated to on defence spending. He he noted Australia's defence spending was already set to increase from 2 percent to 2.3 percent of Gross Domestic Product (GDP) over the next eight years. New Zealand had also come under pressure from the Trump administration this year for to up defence spending to 2 percent of GDP. Foreign Minister Winston Peters previously said New Zealand's trading partners would judge us if we did not "step up" and play our role by increasing defence spending.
Scoop
2 days ago
- Scoop
Economists Urge Action To Prevent ‘AI Poverty Traps'
Artificial intelligence could deepen inequality and create 'AI-poverty traps' in developing nations, write economists Dr Asha Sundaram and Dr Dennis Wesselbaum in their paper 'Economic development reloaded: the AI revolution in developing nations'. Sundaram, an associate professor at the University of Auckland Business School, and Wesselbaum, an associate professor at the University of Otago, say developing countries lack the necessary infrastructure and skilled labour force to capitalise on AI's potential. "The downside is that there isn't a lot of capacity in some countries in terms of digital infrastructure, internet, mobile phone penetration," says Sundaram. "Much of the technology is controlled by firms like Google and OpenAI, raising the risk of over-reliance on foreign tech, potentially stifling local innovation." Without strategic interventions, Wesselbaum says AI may create an 'AI-poverty trap': locking developing nations into technological dependence and widening the gap between global economies. 'For developing countries, AI could be a game-changer; boosting productivity, expanding access to essential services, and fostering local innovation – if the right infrastructure and skills are in place.' Financial support from developed countries and international bodies like the UN could help cover upfront costs through grants, loans and investment incentives, according to the research. 'We also need robust legal and regulatory frameworks to support responsible AI by addressing data privacy, ethics, and transparency concerns,' says Sundaram. The economists argue that in developing AI policies, the international community must learn from the successes and failures of foreign aid. "Aid has often failed to spur lasting growth in developing countries,' says Sundaram, 'partly because it can create dependency, reducing self-reliance and domestic initiatives." She highlights a need for policies to mitigate the downsides of AI, both in developed and developing countries. Such policies could include an international tax regime that would allow countries to capture tax revenue from economic activities driven by AI inside their borders. Sundaram's involved in one such project in Ethiopia where artificial intelligence is being harnessed by the government and the country's largest telecom provider to support small businesses excluded from formal banking due to lack of collateral. By analysing mobile money transactions and how much these businesses pay and receive, algorithms estimate how much credit can safely be offered, enabling small loans and helping integrate marginalised enterprises into the formal economy. Artificial intelligence holds the power to transform development trajectories, but without targeted investments and inclusive policies, says Wesselbaum, it risks deepening the digital divide and entrenching global inequality.
Scoop
4 days ago
- Scoop
EU Greenwashing Crackdown: Tao Climate Gives Airlines A Hemp-Powered Way Out
DUBLIN, 5 June 2025 - The European Commission has put 17 major airlines on the legal naughty list for greenwashing, and Irish climate tech startup Tao Climate is here to bail them out - scientifically. With enforcement ramping up and reputations on the line, Tao Climate delivers a verified escape route for airlines that want to go from climate confusion to compliance champions. Backed by Google, Enterprise Ireland and the European Space Agency, Tao Climate's carbon measurement and removal platform has just been endorsed by the European Commission through acceptance onto the InvestEU investor platform. That makes it an officially qualified decarbonisation technology investment - and a smart one. 'Our platform delivers real science, real removal, and real credibility,' said Gary Byrnes, CEO of Tao Climate. 'You can't bluff Brussels anymore. Airlines need data, transparency and actual carbon removal - not vague promises and token trees.' Tao Climate's technology uses regenerative hemp farming to suck CO2 from the sky and lock it away in sustainable building materials. It's fast, measurable, and entirely verifiable - which is exactly what the EU wants. The startup will showcase its carbon-removing tech at Future Travel Experience EMEA and FTE Ancillary & Retailing, taking place in Dublin from 10-12 June. Airline and airport professionals can see the Tao Carbon API in action and literally touch a block of carbon-negative hempcrete at Stand S19. If you're flying into Dublin and worried about your carbon footprint, don't panic - Tao Climate can solve that too.
